Black & White Path
Author

We are the beacon of the cyber world, a stepping stone on the road to security.

Recent Articles

Latest from Black & White Path

Jun 6, 2026 · Information Security

The Secret CPU Instructions Intel, AMD and ARM Keep Hidden (And Why They Matter)

The article explores the origins of undocumented CPU instructions—from early transistor‑saving tricks like SALC and POP CS to modern hidden backdoors such as Intel’s undocumented RISC core and the udbgrd/udbgwr commands—explaining how researchers like 0day_ninja use the MystFuzz tool to discover and exploit these covert opcodes.

CPU · MystFuzz · hardware security
0 likes · 8 min read
Jun 6, 2026 · Information Security

Over 200K Sensitive Docs Exposed by Online JSON Formatters Over Seven Years

Security researchers uncovered more than 200,000 documents—including cloud access keys, SSH keys, tax forms and bank statements—leaked from JSONFormatter.org and CodeBeautify.org over seven years, accessible via predictable unauthenticated URLs, and demonstrated that attackers can exploit such data within 48 hours.

JSON formatter · SSH keys · Vulnerability Research
0 likes · 8 min read
Jun 5, 2026 · Information Security

How a Single IPv6 Packet Crashes Comodo’s Firewall Driver (ComoDoS)

Security researcher Marcus Hutchins discovered a zero‑day integer underflow in Comodo Internet Security’s Inspect.sys firewall driver that can be triggered remotely via a crafted IPv6 packet, causing a Windows kernel blue‑screen; the analysis details the vulnerability, PoC, limitations for RCE, and mitigation recommendations.

BYOVD · Comodo · IPv6
0 likes · 9 min read
Jun 4, 2026 · Information Security

Hidden HTTP/2 Bomb Discovered by Codex Can Cripple Millions of Servers

The Codex team uncovered a new HTTP/2 bomb that exploits HPACK compression and a zero‑byte window stall, allowing an attacker with just 100 Mbps bandwidth to consume up to 32 GB of memory on vulnerable servers such as nginx, Apache, IIS, Envoy and Cloudflare Pingora within seconds, and the article details the attack mechanics, historical context, disclosure timeline, and mitigation strategies.

DoS · Envoy · HPACK
0 likes · 12 min read
Jun 4, 2026 · Information Security

Reconnoitering Local 4G/5G Base Stations Using the FALCON Tool

This article walks through using the open‑source FALCON LTE analysis tool on DragonOS with an SDR to capture and decode PDCCH signals from nearby 4G/5G base stations, revealing active devices, enabling traffic interception, user tracking, and targeted DoS attacks.

5G · FALCON · LTE
0 likes · 9 min read
Jun 4, 2026 · Information Security

Exploit Attacks Overtake Phishing: AI Cuts Weaponization Time to Negative 7 Days

Verizon's 2026 Data Breach Investigation Report shows exploit-based attacks now account for 31% of breaches, surpassing phishing, while AI-driven weaponization shortens the window to negative seven days, forcing defenders to confront longer patch cycles and a need for automated, secure‑by‑design practices.

AI weaponization · data breach investigation · exploit attacks
0 likes · 8 min read
Jun 3, 2026 · Information Security

Why URLs Like /api/;/user/info Still Work: Server Parsing and RFC Rules

The article explains that URLs containing a semicolon, such as /api/;/user/info, are still reachable because web servers follow legacy URL‑path‑parameter parsing defined in older RFCs, treat empty parameters as harmless, and normalize the path before routing, which also introduces security considerations.

RFC 2396 · URL parsing · path parameters
0 likes · 5 min read